
[bug-recutils] Feature Request: Confidential Fields


From: Sven Wick
Subject: [bug-recutils] Feature Request: Confidential Fields
Date: Tue, 23 Aug 2011 15:44:37 +0200
User-agent: RoundCube Webmail/0.2.2

Hi,

I want to use recutils for documenting much of our IT infrastructure,
because I want to get rid of all the spreadsheets, text files and word
documents which are spread around.

But sometimes it would be good to have entries
in the rec file not visible to everybody, e.g. passwords or similar.

OK, for passwords there are many tools to use,
but why use another kind of database when I have recutils?

Another solution would be to script the encryption/decryption
myself with scripts but it would be nice to have it already built into
recutils.

Here is my idea:

A field which holds a hashed password or maybe a list of hashed passwords:

  %password: MySecret
  %passwords: MySecret1 MySecret2

They are used for all entries. In case they are redefined in a %rec,
the redefined ones are used for the specific record type.
 

A type to flag fields as 'confidential':

  %type: Password confidential
  %type: Location confidential
  %type: PhoneNumber confidential

  ...


1) Doing a recsel with no password
   just spits out the data as usual
   but the 'confidential' values as encrypted text.

2) Insertion should be done via recins
   and then stored as encrypted text.

   This way, entries can be done
   without knowing the password.

   Only getting the data needs a password.

3) If insertion is done via a text editor,
   recfix could encrypt it afterwards.

4) recsel can be given a list of passwords,
   all of which it tries, and if one of them succeeds,
   it spits out the data.
   If none succeeds, it just returns the encrypted data.


I know that recutils should stay simple,
so maybe this idea already is too complex - I don't know.

A simple solution could be a single password for all flagged fields...

What do you think?
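
The read-side behaviour proposed in points 1) and 4), as an added Python sketch that is not part of the original message and is not recutils code: a sealed value carries an authentication tag, so a selector can tell which password in a list is correct and otherwise hand back the sealed text unchanged. Assumptions: the `encrypted-` marker, the function names and the sample values are constructed, the password is supplied when a value is sealed, and the HMAC-based keystream is a standard-library stand-in for a vetted authenticated cipher.

```python
import base64, hashlib, hmac, os

PREFIX = "encrypted-"  # constructed marker for sealed values (assumption)

def _keys(password, salt):
    # One PBKDF2 call yields independent encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def _xor(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in for a real cipher).
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, salt, nonce, ct):
    return hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()

def seal(value, password):
    # Encrypt-then-MAC with a fresh salt and nonce for every value.
    salt, nonce = os.urandom(16), os.urandom(16)
    ek, mk = _keys(password, salt)
    ct = _xor(ek, nonce, value.encode())
    blob = salt + nonce + _tag(mk, salt, nonce, ct) + ct
    return PREFIX + base64.b64encode(blob).decode()

def unseal(sealed, passwords):
    """Return the plaintext if any password verifies, else the sealed text."""
    if not sealed.startswith(PREFIX):
        return sealed
    try:
        raw = base64.b64decode(sealed[len(PREFIX):], validate=True)
    except ValueError:
        return sealed
    if len(raw) < 64:
        return sealed
    salt, nonce, tag, ct = raw[:16], raw[16:32], raw[32:64], raw[64:]
    for pw in passwords:
        ek, mk = _keys(pw, salt)
        if hmac.compare_digest(tag, _tag(mk, salt, nonce, ct)):
            return _xor(ek, nonce, ct).decode()
    return sealed

def select(record, confidential, passwords=()):
    # Non-confidential fields pass through; confidential ones need a password.
    return {k: unseal(v, passwords) if k in confidential else v for k, v in record.items()}
```

Without the tag check, a wrong password would still "decrypt" to bytes, and the selector would have no way to decide between printing the data and falling back to the sealed text.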